Authors
Alexander Adamov, Vladimir Hahanov, Anders Carlsson
Publication date
2014/9/26
Conference
Proceedings of IEEE East-West Design & Test Symposium (EWDTS 2014)
Pages
1-5
Publisher
IEEE
Description
Botnets have become a powerful cyber weapon that involves tens of millions of infected computers - “cyber zombies” - all over the world. The security industry makes efforts to prevent botnets from spreading and compromising the Individual Cyberspace (IC) [1] of users in this way. However, botnets continue to exist despite numerous takedowns initiated by antivirus companies, Microsoft, the FBI, Europol and others. In this paper we investigate existing methods of traffic detection, represented mostly by IDS systems, and discover new indicators that can be utilized for improving botnet traffic detection. To do this we analyse the communication protocols of the most prevalent backdoors that stand behind the popular botnets. As a result, we extracted new data that might be used in the detection routines of an IDS (Intrusion Detection System). An objective of the study is mining new indicators of compromise from botnet traffic and using them to …
Total citations
[Chart: citations per year, 2015 to 2019]
Scholar articles
A Adamov, V Hahanov, A Carlsson - Proceedings of IEEE East-West Design & Test …, 2014